[DeleGate-En] unusual application for delegated
I have a proprietary credit card authorization application that runs on
an old mini-mainframe type machine that has no network encryption.
I'd like to encrypt transactions between the point-of-sale (POS)
terminals and the credit host. We can add OpenSSL libraries to the
(windows CE) POS terminal application. We cannot add any new software or
encryption capability to the credit host.
I am hoping to place a delegated proxy running a generic TCP service
just in front of the credit server with encryption enabled on the store
side of the proxy and clear text on the credit host side. I am already
doing this to encrypt telnet sessions to the host, but the credit
authorization application is unusual in that the server has a separate
TCP port open for EACH of our retail stores. In other words, every store
has a destination port on the server specially designated and configured
for that particular store. There are over 300 stores.
I could probably configure an individual port on the delegate box for
each store, but I'm wondering if there might be a better way to do this.
Is there a way that this could be done more transparently? E.g., if I
were to route the traffic to the delegate box and it could decrypt it
and forward it to the credit host on the same destination port? If this
is not possible, how many ports could I realistically proxy on a single
box running delegated? The transactions are very small, typically a 5
packet exchange. The TCP connections are persistent. Once a client sets
up a TCP connection it stays up for days, weeks, or even months. Usually
until a network or power outage occurs somewhere along the path.
Thanks in advance ...jgm